COMMISSION REGULATION
(EC,
EURATOM
) No 1302/2008
of 17 December 2008
on the central exclusion database
THE COMMISSION OF THE EUROPEAN COMMUNITIES,
Having regard to the Treaty establishing the European Community,
Having regard to the Treaty establishing the European Atomic Energy Community,
Having regard to Council Regulation (EC, Euratom) No 1605/2002 of 25 June 2002 on the Financial Regulation applicable to the general budget of the European Communities(1), and in particular Article 95 thereof,
Having regard to Council Regulation (EC) No 215/2008 of 18 February 2008 on the Financial Regulation applicable to the 10th European Development Fund(2), in particular to Article 98 thereof,
Whereas:
(1) The Commission, which is responsible for executing the general budget of the European Union and any other funds managed by the Communities, is under an obligation to set up and operate a central data base, in compliance with Community rules on the protection of personal data, with the objectives to make efficient the exclusion mechanism provided for in the Financial Regulation and to protect the financial interests of the Communities. The database should in particular cover the execution of all Community funds independently from the applicable management mode.
(2) The Financial Regulation places obligations on the institutions concerning the award of contracts and grants to third parties in the context of centralised management of Community funds. In particular, Articles 93 and 114(3) set out an obligation to exclude third parties from participation in procurement or grant award procedures where they are in one of the situations listed in Article 93(1). Articles 94 and 114(3) forbid the award of a contract or grant to third parties who, during a specific procurement or grant procedure, are in a situation of conflict of interest or misrepresentation in supplying the information required by the institution as a condition of participation in the procurement or award procedure. Articles 96 and 114(4) further establish the possibility for the contracting authority to impose administrative and financial penalties on third parties, in particular in the form of exclusion from the benefit of any Community fund for a period to be determined by the institution concerned pursuant to Article 133a of Commission Regulation (EC, Euratom) No 2342/2002 of 23 December 2002 laying down detailed rules for the implementation of Council Regulation (EC, Euratom) No 1605/2002 on the Financial Regulation applicable to the general budget of the European Communities(3).
(3) Articles 74 and 75 of Commission Regulation (EC, Euratom) No 2343/2002 of 23 December 2002 on the framework Financial Regulation for the bodies referred to in Article 185 of Council Regulation (EC, Euratom) No 1605/2002 on the Financial Regulation applicable to the general budget of the European Communities(4) requires these bodies to apply the abovementioned provisions.
(4) Article 50 of Commission Regulation (EC) No 1653/2004 of 21 September 2004 on a standard financial regulation for the executive agencies pursuant to Council Regulation (EC) No 58/2003 laying down the statute for executive agencies to be entrusted with certain tasks in the management of Community programmes(5) requires the executive agencies to apply the abovementioned provisions of the Financial Regulation for the implementation for their operating budget.
(5) Given that executive agencies have the status of authorising officers by delegation of the Commission for the implementation of operational appropriations for which they apply the Financial Regulation, they should have access to the exclusion database in the same manner as Commission services.
(6) The objectives and the purpose of the exclusion database should be defined in order to determine the use of the data.
(7) The European Anti-Fraud Office (OLAF) should have access to the exclusion database for pursuing its regulatory investigation tasks and its intelligence and fraud-prevention activities exercised pursuant to Article 1(2) of Regulation (EC) No 1073/1999 of the European Parliament and of the Council of 25 May 1999 concerning investigations conducted by the European Anti-Fraud Office (OLAF)(6) and Council Regulation (Euratom) No 1074/1999 of 25 May 1999 concerning investigations conducted by the European Anti-Fraud Office (OLAF)(7).
(8) The accounting officer of the Commission should ensure the administration of the exclusion database and have the right to modify data in the database. The relevant Commission service or the other institutions should be responsible for requesting the entry of exclusion warnings into the exclusion database.
(9) Rules for access to the exclusion database should differentiate between Commission services, executive agencies and all institutions and Community bodies using an accounting system provided by the Commission (hereinafter ABAC) which enables direct access to the warnings, on the one hand, and the other institutions, implementing authorities and bodies that do not have such access, on the other hand. Therefore these institutions should have access through designated contact points and implementing authorities or bodies should have access via liaison points.
(10) It should be possible to limit access to the exclusion database where implementing authorities or bodies manage funds with a very limited level of decentralisation, which renders access to the exclusion database inappropriate or where such access has to be denied for data protection reasons.
(11) In order to clearly define their responsibilities, the tasks of the contact points and liaison points should be determined.
(12) In order to reflect the fact that the database should be common to the institutions, the data flow should be channelled directly to the accounting officer of the Commission.
(13) In order to protect the financial interests of the Communities between an exclusion decided pursuant to Article 93(1) of the Financial Regulation for a specific procurement or grant procedure and the determination of the duration of the exclusion by the institution, the latter should be able to request provisional registration of an exclusion warning.
(14) In order to avoid outdated warnings, in particular those concerning entities which have been wound up, warnings indicating an exclusion pursuant to Article 93(1)(a) and (d) of the Financial Regulation should be automatically removed after five years.
(15) Given that exclusions pursuant to Article 94 of the Financial Regulation concern specific procurement or grant procedures and not – as under Article 93(1) – a general exclusion situation, the registration period should be limited and removed automatically.
(16) The procedure for requests based on information from implementing authorities or bodies, which applies to all management modes with the exception of centralised direct management, should be clearly spelled out.
(17) The share of responsibility of the implementing authorities or bodies as regards the data communicated, through the liaison point on one side and through the accounting officer on the other side, to the Commission service responsible, including rectification, updating or removal of the data should be clearly laid down.
(18) In order to provide for a clear set of rules in all cases where the implementing authority or body did not determine an exclusion duration pursuant to Article 133a(1) of the Implementing Rules, it should be stated that the decision on the exclusion duration should be prepared by the Commission service responsible and adopted by the Commission.
(19) The information flow between authorised users of the exclusion database should be detailed; contact warning persons for each warning should be determined, who shall provide information on the warning concerned to authorised users of the exclusion database.
(20) A specific provision should cover cases where proof provided by third parties is not consistent with data in the exclusion database, in order to ensure that data in the exclusion database are correct and up to date.
(21) In order to allow an exchange of best practices between institutions and to address issues related to the use of the exclusion database, a suitable framework should be defined.
(22) The processing of personal data inherent to the operation of the exclusion database shall be made in accordance with the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, applicable to Member States(8) and the Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data(9), which are fully applicable.
(23) The present Regulation has been drafted taking due consideration of the opinion of the European Data Protection Supervisor. Furthermore, Regulation (EC) No 45/2001 stipulates that such processing is subject to prior checking by the European Data Protection Supervisor following notification by the Commission Data Protection Officer.
(24) For sake of clarity, data protection provisions should precise the rights of the persons whose data are or could be introduced into the exclusion database. Natural and legal persons should be informed of the introduction of data concerning them in the exclusion database.
HAS ADOPTED THIS REGULATION:
Article 1
Subject matter
1. This Regulation establishes a central database (hereinafter ‘the exclusion database’) as referred to in Article 95 of Regulation (EC, Euratom) No 1605/2002 (hereinafter ‘the Financial Regulation’).
2. Data contained in the exclusion database may be used only for the purposes of applying Articles 93 to 96 and 114 of the Financial Regulation and Articles 133 to 134b of Regulation (EC, Euratom) No 2342/2002 as well as Articles 96 to 99 and 110 of Regulation (EC) No 215/2008.
3. OLAF may use the data for its investigations pursuant to Regulation (EC) No 1073/1999 and Council Regulation (Euratom) No 1074/1999 as well as for its intelligence and fraud prevention activities, including risk analyses.
Article 2
Definitions
For the purpose of this Regulation, the following definitions shall apply:
1.
‘institutions’ mean European Parliament, Council, Commission, Court of Justice, Court of Auditors, European Economic and Social Committee, Committee of the Regions, Ombudsman, European Data-Protection Supervisor, executive agencies and bodies referred to in Article 185(1) of the Financial Regulation;
2.
‘implementing authority or body’ means authorities of the Member States and third countries, international organisations and other bodies participating in the implementation of the budget in accordance with Articles 53 and 54 of the Financial Regulation, with the exception of executive agencies and bodies referred to in Article 185(1) of that Regulation. Member States may assign tasks provided for in this Regulation to other national public authorities, which shall be assimilated to implementing authorities or bodies.
3.
‘third parties’ mean candidates, tenderers, contractors, suppliers, service providers and their respective subcontractors, as well as grant applicants, grant beneficiaries, including beneficiaries of direct aid, contractors of grant beneficiaries and entities receiving financial support from a beneficiary of a Community grant pursuant to Article 120 of the Financial Regulation.
Article 3
Exclusion warning
Exclusion warnings shall contain the following data:
(a) information identifying third parties, which are in one of the situations referred to in Article 93(1), 94, 96(1)(b) and 96(2)(a) of the Financial Regulation;
(b) information concerning persons with powers of representation, decision-making or control over legal entities, when those persons have found themselves in one of the situations referred to in Article 93(1), 94, 96(1)(b) and 96(2)(a) of the Financial Regulation;
(c) the grounds for exclusion of third parties referred to in point (a) or persons referred to in point (b) and, where appropriate, the type of conviction and the duration of the period of exclusion.
Article 4
Administration of the exclusion database
1. The Commission’s accounting officer or his subordinate staff to whom certain tasks are delegated in application of Article 62 of the Financial Regulation (hereinafter ‘the accounting officer of the Commission’) shall ensure the administration of the exclusion database and make appropriate technical arrangements.
The accounting officer of the Commission shall enter, modify or remove exclusion warnings pursuant to requests by the institutions.
2. The accounting officer of the Commission shall adopt implementing measures concerning technical aspects and define associated supporting procedures, including in the field of security.
He shall notify those measures to the Commission services and the executive agencies and, where appropriate, the contact points of the other institutions designated in accordance with Article 6(1) or the liaison points designated in accordance with Article 7(2).
Article 5
Access to the exclusion database
1. Institutions, other than the Commission and executive agencies, shall have direct access to the data contained in the exclusion database via the accounting system provided by the Commission (ABAC) or through contact points.
2. Implementing authorities or bodies managing funds under shared management and national public-sector bodies of Member States managing funds under centralised indirect management shall have access to data contained in the exclusion database through liaison points.
3. Implementing authorities or bodies managing funds under centralised indirect, decentralised or joint management shall have access to the data contained in the exclusion database through liaison points when they certify to the Commission service responsible that they apply the adequate data protection measures as laid down in agreements concluded pursuant to the second subparagraph of Article 134a(4) of Regulation (EC, Euratom) No 2342/2002.
However, the implementing authorities or bodies shall not be given access to the exclusion database in either of the following cases:
(a) the Commission service responsible has not received the certification referred to in the first subparagraph;
(b) the Commission service responsible is in possession of evidence that the implementing authorities or bodies do not apply adequate data protection measures;
(c) the Commission service responsible considers that the access would be inappropriate in the cases of limited level of decentralisation comprising ex ante control by the Commission.
Where access to the data contained in the exclusion database is denied, the Commission service responsible shall take appropriate measures in order to ensure at least the same level of protection of the Communities’ financial interests. In the framework of those measures, before the award of a grant or a contract, the Commission service responsible shall verify that the third party concerned is not subject to an exclusion warning.
4. Access to data contained in the exclusion database by Commission services and executive agencies is laid down in Commission Decision 2008/969/EC, Euratom(10).
Article 6
Contact points and authorised users within institutions
1. Each institution, other than the Commission and the executive agencies, shall designate a contact point responsible as regards all issues related to the exclusion database and communicate the names of the persons in charge to the accounting officer of the Commission.
2. Contact points may provide access to the information contained in the exclusion database to authorised users, who shall be staff members of the institutions, for whom access to that database is indispensable for a proper exercise of their tasks. Each contact point shall keep a register of authorised users and give the Commission access to it upon request.
Authorised users may proceed to active online consultation of the exclusion database.
3. The institution shall provide for adequate security measures to prevent the information from being read or copied by unauthorised persons.
Article 7
Liaison points and authorised users within implementing authorities and bodies
1. Liaison points shall be responsible for relations with the Commission as regards all issues related to the exclusion database.
2. Each Member State shall designate one liaison point for the funds it implements by shared management pursuant to Article 53(b) and the funds implemented by centralised indirect management by its national public-sector bodies pursuant to Article 54(2)(c) of the Financial Regulation. Exceptionally and for duly justified reasons, the Commission may approve more than one liaison point per Member State.
3. Each third country implementing funds by decentralised management pursuant to Article 53(b) of the Financial Regulation shall designate a liaison point at the request of the Commission service responsible.
Each implementing body implementing funds by joint management pursuant to Article 53(c) or by centralised indirect management pursuant to points (b), (c) or (d) of Article 54(2) of that Regulation, with the exception of national public-sector bodies, shall designate a liaison point at the request of the Commission service responsible.
However, the Commission service responsible shall not request designation of a liaison point where such a liaison point already exists.
When the Commission service responsible withdraws access of a liaison point to the exclusion database, it shall inform the accounting officer of the Commission accordingly.
4. Each Member State and each authority or body referred to in paragraph 3 shall communicate the names of the persons in charge of their respective liaison point to the accounting officer of the Commission. The accounting officer of the Commission shall publish the list of third countries and implementing bodies disposing of liaison points on the Commission’s internal Internet site.
5. Liaison points shall provide the implementing authorities or bodies with access to the information contained in the exclusion database.
Implementing authorities and bodies may designate authorised users among their staff members. The number of such authorised users shall be limited to persons for whom access to that database is indispensable for a proper exercise of their tasks. Each implementing authority or body shall keep a register of authorised users and give the Commission access to it upon request.
For the purpose of award of contracts connected with implementation of the budget or the European Development Fund, authorised users may proceed to active online consultation of the exclusion database. Where an online consultation is not possible, the authorised user may receive downloaded data. In the latter case, the data shall be updated at least on a monthly basis.
6. The authority or body having designated the liaison point or the authorised users shall provide for adequate security measures to prevent the information from being read or copied by unauthorised persons.
Article 8
Requests from the institutions
1. All requests for registration, rectification, updating or removal of exclusion warnings shall be addressed to the accounting officer of the Commission.
Only institutions may submit such requests. For that purpose, the Commission services and executive agencies responsible shall use the templates set out in the Annex to Decision 2008/969/EC, Euratom and the contact points of other institutions shall use the templates set out in Annex I to this Regulation.
2. In each request for registration of an exclusion warning, the Commission service or the executive agency responsible shall certify that the information communicated was established and transmitted in accordance with Regulation (EC) No 45/2001 and indicate a warning contact person assuming the responsibilities laid down in Article 12 of this Regulation.
When requesting the registration of an exclusion warning, the contact points shall certify that the information communicated was established and transmitted in accordance with Regulation (EC) No 45/2001. The contact points shall assume the responsibilities of a warning contact person.
3. Any institution shall request provisional registration of an exclusion warning pending a decision on the duration of the exclusion.
4. The Commission service responsible or another institution that has requested registration of an exclusion warning shall be responsible for requesting rectification, updating or removal of that warning.
Article 9
Requests based on information from implementing authorities or bodies
1. The liaison points shall communicate information received from implementing authorities or bodies on exclusion situations referred to in Article 93(1)(e) of the Financial Regulation to the accounting officer of the Commission who shall forward this information to the Commission service responsible for the programme, action or legislation and identified by the authorities or bodies. They shall also transmit the certification of the implementing authority or body that the information communicated by them was established and transmitted in accordance with the principles set out in Directive 95/46/EC.
For that purpose, the liaison points shall use the template set out in Annex II to this Regulation.
2. Upon receipt of information referred to in paragraph 1, the Commission service responsible shall request the accounting officer of the Commission to enter an exclusion warning into the exclusion database for the duration determined by the implementing authority or body up to the maximum duration laid down in Article 93(3) of the Financial Regulation.
Where no duration is determined, the Commission service responsible shall request a provisional registration in accordance with Article 10(2), pending a decision by the Commission. The Commission service responsible shall refer the case as soon as possible to the Commission for decision.
3. The implementing authority or body shall be responsible for the data communicated. It shall, without delay, inform the Commission service responsible, through the liaison point, whenever information transmitted needs to be rectified, updated or removed.
For that purpose, the implementing authorities or bodies and the liaison points shall use the template set out in Annex II.
Upon receipt of updated information, the Commission service responsible shall request the accounting officer of the Commission to rectify, update or remove the exclusion warning concerned.
Article 10
Duration of registration in the exclusion database
1. Warnings concerning exclusions pursuant to points (b), (c), (e) and (f) of Article 93(1) of the Financial Regulation shall be registered for the period determined by the requesting institution and specified in the request.
2. An exclusion warning based on a request submitted in accordance with Article 8(3) shall be registered provisionally for a period of three months. The provisional registration may be renewed once upon request.
However, the provisional registration of an exclusion warning based on requests referred to in the second subparagraph of Article 9(2), may be, in exceptional cases, renewed for an additional period of three months.
3. Warnings concerning exclusions pursuant to points (a) or (d) of Article 93(1) of the Financial Regulation shall be registered for the period of five years.
4. Warnings concerning exclusions from the award of a contract or grant in a given procedure pursuant to Article 94(a) and (b) of the Financial Regulation shall be registered for a period of six months.
Article 11
Removal of exclusion warnings
Exclusion warnings shall be removed automatically after expiry of the duration set out in Article 10.
The institution which requested the registration, shall request the removal of an exclusion warning before the expiry of the duration, where the third party is no longer in an exclusion situation, in particular for the cases mentioned in paragraph 3 of Article 10 or for manifest errors discovered after the registration of the exclusion.
Article 12
Cooperation
1. The warning contact person referred to in Article 8(2) of this Regulation shall provide, in writing or by electronic means, all relevant information available to such an extent as to enable the requesting institution to take exclusion decisions pursuant to Article 93(1) of the Financial Regulation or to enable the implementing authority or body to take it into account for the award of contracts connected with implementation of the budget.
2. Where certificates or evidence obtained by an institution are not consistent with registered exclusion warnings, the institution concerned shall immediately inform the warning contact person. The warning contact person and where appropriate the liaison point concerned shall take appropriate action.
3. Where certificates or evidence obtained by an implementing authority or body are not consistent with registered exclusion warnings, the authority or body shall transmit the information, through its liaison point, to the warning contact person. The warning contact person and where appropriate the liaison point concerned shall take appropriate action.
4. The accounting officer of the Commission and the contact points of the other institutions shall regularly exchange best practices.
Issues related to the exclusion database shall be discussed in the framework of meetings between the implementing authority or body and the Commission service responsible.
Article 13
Data protection
1. In the calls for tender and calls for proposals and, in the absence of calls, before awarding contracts or grants, the institutions and implementing authorities or bodies shall inform third parties of the data concerning them that may be included in the exclusion database and of the entities to whom the data may be communicated. Where third parties are legal entities the institutions and implementing authorities or bodies shall also inform the persons who have powers of representation, decision-making or control over these legal entities.
2. The institution requesting registration of an exclusion warning shall be responsible for relations with the natural or legal person whose data are introduced into the exclusion database (hereinafter ‘the data subject concerned’).
The institution shall inform the data subject concerned of the request for activation, updating and removal of any exclusion warning directly concerning it and state the reasons thereof.
The institution shall also respond to requests from data subjects concerned to rectify inaccurate or incomplete personal data and to any other requests or questions from those subjects.
Requests or questions from data subjects concerned with regard to information provided by implementing authorities or bodies shall be treated by those authorities or bodies. The Commission service responsible shall refer such requests and questions to the liaison point concerned and inform the data subject concerned thereof.
3. Without prejudice to the information requirements set out in paragraph 2, a duly identified natural person may request information on whether data concerning him is registered in the exclusion database.
The accounting officer of the Commission shall inform him in writing or by electronic means, whether the person is registered in the exclusion database. If the person is registered, the accounting officer of the Commission shall attach the data stored in the exclusion database concerning that person. He shall inform the institution that requested the warning thereof.
4. Without prejudice to the information requirements set out in paragraph 2, a duly empowered representative of a legal person, may request information on whether that legal person is registered in the exclusion database.
The accounting officer of the Commission shall inform him in writing or by electronic means whether the legal person is registered in the exclusion database. If the person is registered, the accounting officer of the Commission shall attach the data stored in the exclusion database concerning that person. He shall inform the institution that requested the warning thereof.
5. Removed warnings shall be accessible for audit and investigation purposes only and shall not be visible for the users of the database.
However, personal data contained in exclusion warnings referring to natural persons shall remain accessible to such purposes only for five years after the removal of the warning.
Article 14
Transitional provisions
1. Information from implementing authorities or bodies shall exclusively concern judgments rendered after 1 January 2009.
2. Warnings registered pursuant to Article 95 of the Financial Regulation before the date of application of this Regulation and still active on that date shall constitute exclusion warnings and shall be directly inserted in the exclusion database.
3. Where a third party concerned was not informed of the registration of an exclusion warning referred to in paragraph 2, the Commission service or the institution that requested the registration shall inform the third party that its data were introduced into the exclusion database within one month from the date of application of this Regulation.
4. The Commission service responsible or other institution that requested registration of an exclusion warning referred to in paragraph 2 remain responsible for requesting modification or removal of that warning in accordance with this Regulation.
5. For exclusions decided by a Commission service or an executive agency pursuant to Article 93(1)(b) and (e) of the Financial Regulation before 1 May 2007, the duration of the exclusion period shall take into account the duration of criminal records under national law.
For such exclusion, a maximum duration of four years from the date of notification of the judgment shall apply. If that period has elapsed, the Commission service or the executive agency responsible shall request removal of the warning.
Article 15
Entry into force
This Regulation shall enter into force on the day of its publication in the
Official Journal of the European Union
.
It shall apply from 1 January 2009.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 17 December 2008.
For the Commission
Dalia
GRYBAUSKAITĖ
Member of the Commission
(1)
OJ L 248, 16.9.2002, p. 1
.
(2)
OJ L 78, 19.3.2008, p. 1
.
(3)
OJ L 357, 31.12.2002, p. 1
.
(4)
OJ L 357, 31.12.2002, p. 72
.
(5)
OJ L 297, 22.9.2004, p. 6
.
(6)
OJ L 136, 31.5.1999, p. 1
.
(7)
OJ L 136, 31.5.1999, p. 8
.
(8)
OJ L 281, 23.11.1995, p. 31
.
(9)
OJ L 8, 12.1.2001, p. 1
.
(10) See page 125 of this Official Journal.
ANNEX I
Request for data entry into the exclusion database, its modification or removal by institutions other than the Commission and executive agencies
The request has to be sent in conformity with the procedure for classified information pursuant to the rules set by the institution. It has to be sent in a single closed envelope.
European Commission
Directorate-General Budget
Accounting Officer of the Commission
BRE2 13/505
B-1049 BRUXELLES
[Bild bitte in Originalquelle ansehen]
[Bild bitte in Originalquelle ansehen]
ANNEX II
Communication of information by implementing authorities or bodies
[Bild bitte in Originalquelle ansehen]
[Bild bitte in Originalquelle ansehen]
[Bild bitte in Originalquelle ansehen]
Feedback